| Index: webrtc/base/opensslstreamadapter.cc
|
| diff --git a/webrtc/base/opensslstreamadapter.cc b/webrtc/base/opensslstreamadapter.cc
|
| index 30326f57a2e7f5fca0b1d233316ad134f7085971..ea64520299044941d435928d4d9b7a43902c7784 100644
|
| --- a/webrtc/base/opensslstreamadapter.cc
|
| +++ b/webrtc/base/opensslstreamadapter.cc
|
| @@ -1147,6 +1147,7 @@ bool OpenSSLStreamAdapter::HaveExporter() {
|
| #endif
|
| }
|
|
|
| +// TODO(torbjorng): Remove.
|
| int OpenSSLStreamAdapter::GetDefaultSslCipherForTest(SSLProtocolVersion version,
|
| KeyType key_type) {
|
| if (key_type == KT_RSA) {
|
| @@ -1189,6 +1190,81 @@ int OpenSSLStreamAdapter::GetDefaultSslCipherForTest(SSLProtocolVersion version,
|
| }
|
| }
|
|
|
| +#define CDEF(X) \
|
| + { static_cast<uint16_t>(TLS1_CK_##X & 0xffff), "TLS_" #X }
|
| +
|
| +struct cipher_list {
|
| + uint16_t cipher;
|
| + const char* cipher_str;
|
| +};
|
| +
|
| +// TODO(torbjorng): Add more cipher suites to these lists.
|
| +static const cipher_list OK_RSA_ciphers[] = {
|
| + CDEF(ECDHE_RSA_WITH_AES_128_CBC_SHA),
|
| + CDEF(ECDHE_RSA_WITH_AES_256_CBC_SHA),
|
| + CDEF(ECDHE_RSA_WITH_AES_128_GCM_SHA256),
|
| +#ifdef TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA256
|
| + CDEF(ECDHE_RSA_WITH_AES_256_GCM_SHA256),
|
| +#endif
|
| + CDEF(ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256),
|
| +};
|
| +
|
| +static const cipher_list OK_ECDSA_ciphers[] = {
|
| + CDEF(ECDHE_ECDSA_WITH_AES_128_CBC_SHA),
|
| + CDEF(ECDHE_ECDSA_WITH_AES_256_CBC_SHA),
|
| + CDEF(ECDHE_ECDSA_WITH_AES_128_GCM_SHA256),
|
| +#ifdef TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA256
|
| + CDEF(ECDHE_ECDSA_WITH_AES_256_GCM_SHA256),
|
| +#endif
|
| + CDEF(ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256),
|
| +};
|
| +
|
| +bool OpenSSLStreamAdapter::IsAcceptableCipher(int cipher,
|
| + SSLProtocolVersion version,
|
| + KeyType key_type) {
|
| + if (key_type == KT_RSA) {
|
| + for (const cipher_list &c : OK_RSA_ciphers) {
|
| + if (cipher == c.cipher)
|
| + return true;
|
| + }
|
| + }
|
| +
|
| + if (key_type == KT_ECDSA) {
|
| + for (const cipher_list &c : OK_ECDSA_ciphers) {
|
| + if (cipher == c.cipher)
|
| + return true;
|
| + }
|
| + }
|
| +
|
| + // TODO(torbjorng): Remove before landing.
|
| + LOG(LS_ERROR) << "Attempted use of truly terrible cipher suite: "
|
| + << OpenSSLStreamAdapter::SslCipherSuiteToName(cipher) << "("
|
| + << cipher << ")";
|
| + return false;
|
| +}
|
| +
|
| +bool OpenSSLStreamAdapter::IsAcceptableCipher(std::string cipher,
|
| + SSLProtocolVersion version,
|
| + KeyType key_type) {
|
| + if (key_type == KT_RSA) {
|
| + for (const cipher_list &c : OK_RSA_ciphers) {
|
| + if (cipher == c.cipher_str)
|
| + return true;
|
| + }
|
| + }
|
| +
|
| + if (key_type == KT_ECDSA) {
|
| + for (const cipher_list &c : OK_ECDSA_ciphers) {
|
| + if (cipher == c.cipher_str)
|
| + return true;
|
| + }
|
| + }
|
| +
|
| + // TODO(torbjorng): Remove before landing.
|
| + LOG(LS_ERROR) << "Attempted use of truly terrible cipher suite: " << cipher;
|
| + return false;
|
| +}
|
| +
|
| } // namespace rtc
|
|
|
| #endif // HAVE_OPENSSL_SSL_H
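Review bot: The guards `#ifdef TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA256` in `OK_RSA_ciphers` and `#ifdef TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA256` in `OK_ECDSA_ciphers` name suites that do not exist. The AES-256-GCM suites are registered with SHA384, and OpenSSL spells the constants `TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384` and `TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384`. Because each entry sits behind an `#ifdef`, the misspelling compiles cleanly and the entry is most likely dropped without any warning, so a session that negotiates AES-256-GCM would fall through to `return false` in both `IsAcceptableCipher` overloads. I would change the entries to `CDEF(ECDHE_RSA_WITH_AES_256_GCM_SHA384)` and `CDEF(ECDHE_ECDSA_WITH_AES_256_GCM_SHA384)`, and drop the guards if every supported library defines them so that a future typo fails the build. Separately, `version` is unused in both overloads, and the int overload only matches 16-bit suite values because `CDEF` masks with `& 0xffff`; a comment such as `// |cipher| is the 16-bit IANA suite id, not the 32-bit OpenSSL id` above it would make that contract explicit.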
|
|
|